Binance Restricts 85 LockBit Crypto Wallets – BankInfoSecurity.com

Cryptocurrency Fraud , Fraud Management & Cybercrime , Ransomware
Cryptocurrency trading platform Binance restricted access to 85 accounts as part of an action against the LockBit ransomware affiliates, and authorities estimated that members of the now-defunct ransomware-as-a-service operation had pocketed “hundreds of millions” in ransom.
See Also: User Entity & Behavior Analytics 101: Strategies to Detect Unusual Security Behaviors
Police from the United Kingdom, the United States, and Europe seized over 35 LockBit servers and replaced the group’s dark web data leak page with a seizure notice on Monday. As part of the action dubbed Operation Cronos, police confiscated LockBit source code, affiliate back-end servers and a trove of data (see: Breach Roundup: More Fallout From the LockBit Takedown).
In an update on Friday, authorities said they had identified 30,000 bitcoin wallets linked to the ransomware group as part of an operation conducted with crypto research firm Chainalysis.
The actions resulted in Binance seizing 85 accounts tied to the group, although authorities estimate more than 500 affiliate accounts continue to remain active.
Further analyses of LockBit crypto wallets from July 2022 to this month reveal that the group pocketed hundreds of millions in ransom, nearly 20% of which was paid by LockBit affiliates. Of these, nearly $114 million remain unspent, authorities said on Friday.
“LockBit’s activity on the blockchain illustrates its sheer longevity relative to other ransomware-as-a-service strains,” Jackie Burns Koven, head of cyber threat intelligence at Chainalysis, said. “Based on LockBit’s cryptocurrency activity, we can also corroborate the large numbers of affiliates deploying LockBit,” she told Information Security Media Group.
The seizure of bitcoin wallets is the latest in a series of actions taken by law enforcement agencies against the ransomware group. On Thursday, email providers shuttered 14,000 email accounts associated with LockBit affiliates.
Since many affiliates continue to use advanced evasion tactics, crypto experts say identifying and arresting these actors will likely remain a challenge for law enforcement agencies.
Evasion tactics include using mixer services to obscure their profit origin and converting fiat currency to direct “crypto for cash” via unregulated exchanges and cryptocurrency ATMs – practices that often make tracking and blocking their activity difficult and time-sensitive, said Joseph Buckley, director at specialist consultancy firm Control Risks.
In one case Chainalysis observed, LockBit was working with an Iranian ransomware strain and depositing money to an Iranian exchange – likely indicating that it has affiliates working from Iran.
The fact that many LockBit affiliates tend to operate outside the jurisdiction of Western law enforcement agencies could also make arrests difficult – and possibly allow LockBit to regroup, Buckley said.
“Currently, law enforcement have not disclosed any arrests of the core members of LockBit. If this remains the case, in the long term, this takedown is unlikely to have a significant impact on the cybercriminal landscape because LockBit’s core members were not arrested,” he said.
Koven did not rule out a LockBit reemergence. She said Chainalysis will be monitoring how “LockBit affiliates adapt after the takedown” as well as how other ransomware actors change their operations “in light of the actions taken against LockBit.”
Senior Correspondent, ISMG
Asokan is a U.K.-based senior correspondent for Information Security Media Group’s global news desk. She previously worked with IDG and other publications, reporting on developments in technology, minority rights and education.

Covering topics in risk management, compliance, fraud, and information security.
By submitting this form you agree to our Privacy & GDPR Statement
whitepaper
whitepaper
whitepaper

Artificial Intelligence & Machine Learning
Fraud Management & Cybercrime
Healthcare
Cryptocurrency Fraud
AI-Based Attacks
Continue »
90 minutes · Premium OnDemand 
Overview
From heightened risks to increased regulations, senior leaders at all levels are pressured to improve their organizations’ risk management capabilities. But no one is showing them how – until now.
Learn the fundamentals of developing a risk management program from the man who wrote the book on the topic: Ron Ross, computer scientist for the National Institute of Standards and Technology. In an exclusive presentation, Ross, lead author of NIST Special Publication 800-37 – the bible of risk assessment and management – will share his unique insights on how to:
Sr. Computer Scientist & Information Security Researcher, National Institute of Standards and Technology (NIST)
Was added to your briefcase
Binance Restricts 85 LockBit Crypto Wallets
Binance Restricts 85 LockBit Crypto Wallets
Just to prove you are a human, please solve the equation:

Sign in now
Need help registering?
Contact support
Complete your profile and stay up to date
Contact Support
Create an ISMG account now
Create an ISMG account now
Need help registering?
Contact support
Sign in now
Need help registering?
Contact support
Sign in now
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.

source